Spread by email, so I'd really like to know how customized they were, or if they picked something generic enough to get all the people to click on whatever malicious link was used. Our IT dept sends out 'fake'-fake emails about once a quarter as part of employee training stuff to try to dupe us into clicking on a false link that basically says 'oops don't do this'. But they're usually so cheesily obvious that it's just a nuisance.

I don't think it spreads by phishing as some previously thought, because of the speed at which it spreads. And most people actually do identify the phishing emails well.

Quote:

Originally Posted by PeppermintPatty

And it turns out that the virus doesn't do anything if it finds that the domain exists -- probably an intentional kill switch.

Also, the guy that stopped (the first round of) WannaCrypt says he doesn't believe now that that was a kill switch, but rather, just a poorly-coded anti-analysis. More rounds of campaigns could start this week, but he did win some time for people to patch their computers.

So far they have collected about $50K, which seems really low for such a huge attack. Even with such a modest pay-off, they may have trouble laundering the money. It's hard to know who owns a bitcoin account, but once you use it to pay for something, it's not that hard to know who takes possession of the good or service you pay for.

If the value of your encrypted files is well over $300 (ahem, hospitals), I think the motivation would be there to quickly learn how to pay in BTC. I also think it would be a risk I'd be very willing to take for the chance to recover the files.